EXPEDITION is committed to following the guidelines of Brazilian Law No. 13,709/2018, better known as the General Data Protection Law or “LGPD”, and to informing how we use Personal Data while the User browses our digital platform. For this purpose, this Privacy Policy has been prepared containing all the information about access, use, storage, and other topics involving the processing of Personal Data.

If you have any questions or requests, please contact EXPEDITION by email at: contact@expeditionadvisory.com.

SUMMARY

WHO ARE WE?
 EXPEDITION ADVISORY CONSULTORIA DE NEGÓCIOS LTDA (“EXPEDITION”)
 CNPJ/ME No. 61.113.001/0001-37

WHERE ARE WE LOCATED?
 Av. Brig. Faria Lima, No. 1811, Office Room 1102
 Neighborhood: Jardim Paulistano, São Paulo, SP
 Postal Code: 01452-001

WHAT PERSONAL DATA DO WE USE?

• User identification data: full name, address, date of birth, nationality, ID document number (such as RG, CPF, driver’s license), professional registration, email and phone number.
• Academic and professional data: company where you work, profession, position, academic background.
• Financial data: compensation, transaction history, credits, sales, properties, debt certificates, loans.
• Communication data: content of exchanged emails; responses from forms and interactions with EXPEDITION through its service channels (which may or may not contain Personal Data).
• Browsing data: IP, access history, language, cookie preferences, among others.

FOR WHAT PURPOSES?
To collect, store, and use personal data for commercial prospecting, consulting services, communication with clients and partners, sending newsletters and informational content, as well as to ensure the operation and continuous improvement of EXPEDITION’s digital platform. Data may also be used to comply with legal and contractual obligations, prevent fraud, perform statistical analysis, and personalize the User’s experience.

FOR HOW LONG?
Until the purpose of data use is achieved, as a general rule. However, data may also be retained:

• For the time required by law.
• Until the end of personal data processing upon the Data Subject’s request.
• For the time necessary to preserve our legitimate interest, as applicable.
• For the time needed to safeguard EXPEDITION’s legal rights in judicial, administrative, or arbitration proceedings.

Before continuing with information about the Personal Data being processed, here are a few technical terms you may find in this document:

• National Data Protection Authority (ANPD): The regulatory body responsible for enforcing LGPD in Brazil.
• Controller: The entity responsible for decisions about the processing of personal data.
• Processor: Any individual or legal entity that processes personal data on behalf of the Controller.
• Data Subject: The individual to whom the personal data refers.
• DPO (Data Protection Officer): The person designated by the Controller and Processor to act as a communication channel with data subjects and the ANPD.
• Personal Data: Any information related to an identified or identifiable natural person, such as: name, CPF, RG, home or business address, phone number, email, IP address, location, etc.
• Sensitive Personal Data: Personal data about racial or ethnic origin, religious belief, political opinion, union membership or membership in religious/philosophical/political organizations, health or sex life, genetic or biometric data.
• Security Incident: Any accidental, unlawful or unauthorized access, acquisition, use, modification, disclosure, loss, destruction or damage involving personal data.
• General Data Protection Law (LGPD): Federal Law No. 13.709/2018 that regulates the processing of personal data.
• Security, Technical and Administrative Measures: The measures taken to protect personal data from unauthorized access and from accidental or unlawful destruction, loss, alteration, disclosure, or improper processing.
• Third Party: Clients, partners, suppliers, client representatives or any external entity whose personal data is processed.
• Processing: Any operation performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, comparison, restriction, erasure or destruction.

If a new concept arises that is not clarified, please refer to Article 5 of the LGPD for further details.

1. HOW DO WE COLLECT YOUR PERSONAL DATA?

Personal Data is processed when necessary to achieve the purposes mentioned in this Privacy Policy, especially for the provision of consulting and investment advisory services.

EXPEDITION may collect your Personal Data:

• Directly from you, as the data subject.
• From someone related to you, such as your employer.
•  
• From publicly available sources, like the Federal Revenue Service and other government websites.

2. WHAT PERSONAL DATA IS COLLECTED AND FOR WHAT PURPOSE?

EXPEDITION is a strategic consultancy operating at the intersection of football, investment strategy, and capital. Therefore, EXPEDITION will be the Controller of your Personal Data in the context of the relationship established with the User.

The following Personal Data is collected:

• User identification data: full name, address, date of birth, nationality, ID document number (such as RG, CPF, driver’s license), professional registration, email and phone number.
• Academic and professional data: company where you work, profession, job title, academic history.
• Financial data: compensation, transaction history, credits, sales, properties, debt certificates, loans.
• Communication data: content of exchanged emails; form responses and interactions carried out with EXPEDITION through its service channels (which may or may not contain Personal Data).
• Browsing data: IP address, access history, language, cookie preferences, among others.

EXPEDITION uses this data to serve clients and deliver its services. Additionally, we may use your data for:

• Investor sourcing and qualification: collecting and processing data of potential investors (e.g. name, email, phone number, investment profile, location) for profile analysis and tailored outreach.
• Client and prospect relationship management: using data to send emails, newsletters, market intelligence reports, and promotional materials related to football investment opportunities.
• Market analysis and offer personalization: analyzing investor behavior and preferences to offer aligned opportunities based on interests and risk profiles.
• Due diligence and risk assessment: processing personal data of club representatives, fund managers, and investment partners for background checks (compliance, KYC – Know Your Customer).
• Contract formalization and management: using personal data of investors, legal representatives, and stakeholders to draft, execute, and manage advisory, investment, or partnership contracts.
• Organizing exclusive events and meetings: processing data to invite investors and partners to events, workshops, or networking meetings about the football market
• Personalized support and service: using data to provide tailored assistance to investors throughout the investment process.
• Legal protection and compliance with regulations: storing and using data as required by local regulations (e.g., anti-money laundering laws, regulatory obligations with agencies similar to the SEC).
• Controlled sharing with local partners and regulated funds: sharing personal data with investment funds and regulated entities to enable transactions, always under confidentiality agreements and within legal boundaries.

We may also process Personal Data to formalize a contract with EXPEDITION, issue invoices, and handle billing, especially if the data subject is an individual client or represents a corporate client.

3. WHO DO WE SHARE PERSONAL DATA WITH?

We may share your Personal Data with:

• Digital platform developers, cloud hosting services, and other IT providers to manage your relationship with our firm, registration, documentation, and related services.
• Correspondents, experts, reviewers, consulting and partner firms (national and international), auditors, accountants, translators, and financial institutions to support service delivery, as required to fulfill our contracts and agreements.
• Legal and market publications, national or international.
• Regulatory bodies and other government authorities.

We may also transfer Personal Data to service providers located abroad, including cloud service providers. In addition, we may share your Personal Data with other partners located outside of Brazil.

When transferring Personal Data internationally, we will adopt appropriate measures to ensure adequate protection in accordance with LGPD requirements, including signing proper data transfer agreements with third parties.

4. HOW LONG DO WE STORE YOUR DATA?

We are responsible for taking care of your Personal Data and using it solely for the purposes outlined in this Policy.

 EXPEDITION will store and maintain your information:

• For the period required by law.
• Until the end of personal data processing.
• For the time necessary to preserve our legitimate interest, as applicable.
• For the time necessary to protect EXPEDITION’s legal rights in judicial, administrative, or arbitration proceedings.

Thus, we may process data, for example, to comply with legal, regulatory, or contractual obligations, and to protect EXPEDITION’s rights.

Personal data processing ends when:

• The purpose for which the Personal Data was collected is fulfilled and/or the data is no longer necessary or relevant for such purpose.
• The data subject requests deletion of their Personal Data.
• There is a legal mandate to terminate processing.

When processing ends, any Personal Data without a legal basis for retention will be deleted.

5. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

The LGPD provides a list of rights for Data Subjects, including:

• Confirmation of data processing: You may confirm whether EXPEDITION is processing your Personal Data.
• Access to Personal Data: You may access your Personal Data, including requesting a copy of the data being processed.
• Correction of incomplete, inaccurate, or outdated data: You may request corrections or updates to incorrect information.
• Anonymization, blocking, or deletion: You may request the anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data.
• Data portability: You may request the portability of your data via the contact channels provided in this Privacy Policy.
• Deletion of Personal Data: You may request deletion of your Personal Data processed by EXPEDITION when based on your consent or by contacting us through the channels provided.
• Information about data sharing: You may request information about which public or private entities EXPEDITION has shared your Personal Data with, in accordance with this Policy.
• Information about the option not to provide consent: You may request information, via our contact channels, about your right to refuse consent for Personal Data processing and the consequences of such refusal, including any limitations to EXPEDITION’s ability to deliver services.
• Revocation of consent: You may, at any time and at your sole discretion, revoke previously granted consent for the processing of your Personal Data. All processing performed based on that consent up to the moment of revocation remains valid.
• Right to file a complaint with ANPD: If your requests are not addressed or if you are unsatisfied with the response, you may file a complaint with ANPD through a “data subject petition”.

Exercising your rights:
You may exercise your rights by contacting us at: contact@expeditionadvisory.com. When doing so, EXPEDITION may ask for additional information or documents to verify your identity and claims.

There are circumstances where some rights may be restricted — such as when sharing certain information could reveal EXPEDITION’s trade secrets, or due to legal/regulatory obligations, or for the purpose of legal defense in a judicial or administrative proceeding.

6. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?

EXPEDITION is committed to the security of your Personal Data and adopts all reasonable technical and organizational measures available in the market to ensure such protection. Additionally, EXPEDITION uses security systems and takes precautions to protect Personal Data and prevent Security Incidents.

6.1 COOKIES: WHAT THEY ARE AND HOW WE USE THEM

Cookies are essentially internet files that can be temporarily stored on your device. EXPEDITION uses cookies to make navigating our platform easier and to tailor it to your interests and needs. They are also important for providing information on how the website and its services are being used, which is essential to improve the relationship between EXPEDITION and its users.

Cookies may store certain information such as: your IP address, details of content you’ve viewed, and information you’ve entered (so you don’t need to retype it each time), as well as your preferences and settings, as described below:

Storage duration:

• Temporary cookies are discarded when you leave the website or close your session.
• Persistent cookies remain stored after the session ends and may have a defined expiration period.

By using the website, you acknowledge and agree to the use of cookies as described here. You will see a pop-up notice on your first visit to the site alerting you about cookie usage. This message may not appear in future visits, but you can manage cookie settings at any time via your browser.

If you do not agree with the use of cookies, you may disable them at any time in your browser settings. Please note that disabling cookies may affect the proper functioning of the website and cause some features to become unavailable.

7. CHANGES TO THIS PRIVACY POLICY

EXPEDITION reserves the right to revise this Privacy Policy at any time, whether due to the use of new technologies or whenever we deem it necessary. The updated Privacy Policy will be published on our website, so we recommend checking it periodically.

This Policy was last updated on June 4, 2025.